Dumpster diving: in cybersecurity, one man’s trash is another man’s treasure!
Have you heard the term “dumpster diving”? It was originally created to describe a very common act in several nations around the world: rummaging through trash cans and dumpsters in the hope of finding items that, despite having been tossed out by their original owners, could still be useful to third parties.
But that’s not the dumpster diving we’ll be discussing here. The term has been picked up in the information security sector, where it refers to the criminal practice of malicious agents combing through the trash, especially that coming from companies, looking to find the remains of confidential information that can be employed in targeted attacks. And do you know what’s worse? They usually hit the jackpot since so many corporations fail to correctly dispose of the information stored on physical media!
Rummaging through your trash
Stop for a second and imagine everything that a company may throw out without considering the possibility that a scammer could have their eyes on the trash can: paper reports, notebooks with lists of contacts, CDs and DVDs containing intellectual property, and even entire computers, very often still equipped with storage drives (HDs or SSDs) that have never been “cleaned”. Even if a device is formatted prior to disposal, if the formatting is not performed correctly, it is still possible to recover passwords, files, and loads of other data precious to cybercriminals.
Sometimes, the problem lies in the lack of a staff member’s cyber hygiene, like that of someone who doesn’t think twice about crumpling up a report and tossing it in the trash. At other times, the problem lies in the lack of a corporate policy covering the correct disposal of information depending on the type of medium used for storage. Regardless of where the fault lies, the fact is that the consequences can be disastrous, ranging from leaked credentials to extortion scams.
So, what’s the best step forward?
Obviously, the correct disposal of physical media is not always a simple task. But, once policies and processes have been implemented, the practice becomes second nature, just like any other cyber hygiene habit. So here are a few handy tips:
- Paper documents: use a paper shredder to dispose of physical documents. It is a simple device that shreds information printed on paper, making it incomprehensible.
- CDs and DVDs: these can simply be broken or shredded. Some people use a sharp object to scratch the disc to the point that no device can read it.
- Hard drives, USB flash drives and other physical media: the best tip is to use a technique called “demagnetization”, which “burns” the magnetic field in these types of media, rendering them completely useless. There are specific devices available on the market for this process.
But remember: all these operations and processes must be documented through clear procedures available to all company employees. That way, the company is fully aligned with information disposal protocols.